203bb420bed85b5a4633b824f92e77daffec61b17752c85bf9bcaad030183d54

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12bd7d39155dd70c4c3bc68149653e13_JaffaCakes118.html
Size

34KB
MD5

12bd7d39155dd70c4c3bc68149653e13
SHA1

aea17ad03503507bf2ee7ba7c0c6aba83a7cff55
SHA256

203bb420bed85b5a4633b824f92e77daffec61b17752c85bf9bcaad030183d54
SHA512

0a01ad72300d034e5ff3904b44b7f23e781ee1adc6217342683b712120914335a973ffecb3883d3e8c9935c21eac553f435b431a71b29b6009fb3ab25d26b366
SSDEEP

768:oF+bt1bPchb2vbw9AV2/T9bKx+pOiJoGeO01Jk4JrYAX2V4TsP:oF+TzchSU9AV25Wx+pOiJ20aZGK4P

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
696	msedge.exe
696	msedge.exe
4400	identity_helper.exe
4400	identity_helper.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 696 wrote to memory of 4544	696	msedge.exe	86
PID 696 wrote to memory of 4544	696	msedge.exe	86
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 3068	696	msedge.exe	87
PID 696 wrote to memory of 2748	696	msedge.exe	88
PID 696 wrote to memory of 2748	696	msedge.exe	88
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89
PID 696 wrote to memory of 3192	696	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\12bd7d39155dd70c4c3bc68149653e13_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff129b46f8,0x7fff129b4708,0x7fff129b4718
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,10112763298900271435,1383901391934742214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,10112763298900271435,1383901391934742214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,10112763298900271435,1383901391934742214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10112763298900271435,1383901391934742214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10112763298900271435,1383901391934742214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10112763298900271435,1383901391934742214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,10112763298900271435,1383901391934742214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,10112763298900271435,1383901391934742214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10112763298900271435,1383901391934742214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10112763298900271435,1383901391934742214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10112763298900271435,1383901391934742214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10112763298900271435,1383901391934742214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,10112763298900271435,1383901391934742214,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5476 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
8e6e00666272a29764c72fbcb510e081

SHA1
f015fa87b9dbf5fe802148a6f76821828db7e66f

SHA256
5289ddd83ab6c62b8a91ae7829ea629bbc8b5d12bfcd1862ab00f6c221515c1f

SHA512
327f2d3e6c94f5d4384da5c5177182f4c4b653a37c98b778b2e33391ffd0459c08db69fb0c69bf49aafffd88e38a1a7880d3134c6edb5faa3097a54fc2948127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
75594e25e8b9b1efcfd40d8367f60b6a

SHA1
48919f100cfec4a4e4b37fc59d2e3a72d7794101

SHA256
48973c0d86db1d0ef61d707880b2a54f42c4d7c0ceaf91324ad0e943549e435d

SHA512
6416fa598c88bc3fc82df0d6667f1e3c7abea3af48903d728e62ab0981b7202c0a28fa83a2b108d7e3e4f80bb53695962fb08f3f532e837cbacb1879a8a0b6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
986B

MD5
407e1b879433589d091c30d165011476

SHA1
76228d233d92ee1d8a24a12fa2c408c241055bfe

SHA256
4b3fc6aa8d42ece5691e492548d577d0355ec215a09fdb2f77a52349bce18267

SHA512
2061533425c9083bae214268c40d232c8f109bab4b9614ecbf38925d7e978f5da780d9d3814848956efb819b22fdb9d1ff1e3df6c8677bdfe7d7b38605546e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
62caeaa9fa26564a65d5f8744ec69290

SHA1
7da8d0eadbb08fd67f0a2db6beb6e475a69d7a2c

SHA256
1b2aa4c898e7ba093457f115974a9e23eefb9da854b272b2e234099b41768abc

SHA512
39f0e2342682ece6e903f3c9ae262fe9e362926526438895123bf2faa8100c72a94e50dd1c61f2fa2c2ff4bded1ab35b944c64ccb4ebb0059f21544d20e1abd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e50f4b635360905de682ebee36354bd

SHA1
4e9e1b1441ef0b7ae5a3c6130306b9374ecf21bd

SHA256
99d41c966b71860300a11dabe37b87050a6798211d8e69c819839f7c1d86ab72

SHA512
fa78d4cddf55c66e56b386086171dc21a88f81c46e4f4c39b9914ebdae33c3b19ddbbfafb91e680919211e8daf302fb12819d286abd8c0ee1f51fbf14842ceb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76d188c0898ac14817443a87f9b1f52a

SHA1
4399b6aa86f6023b2d141c93cd555f53af875cd8

SHA256
7a9ca0f5224846dc314c7b2cf93f2e775e60f45c917fdbb239fe300780b9868b

SHA512
c38f1370ef71d994034dfdcfbfce824ea8b898eac4c8dfbfc9e8d04c241f9f16a892aeac881c0a91c207faea6b9c3f8bc3a1cb995ae74bc0b703131b0ab724e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
653e41c01a2cbe33bb53d09f783312fb

SHA1
cfdb6438adefccab2def1357a36bca68af8492c3

SHA256
98a6185cf7dab3be1104eee460ca0b26d5ee45cb1d509d54a9aa9975adbbec2f

SHA512
0d6e93eaea8fb799c78896f51689a88f504375fd96f3f7c0771bea3582fac36f6aef85e5700c13819263deab647bef41d1d1c9aa7859761e08f45d2eb3a443e5

Download Submit